chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaime Porras López <>
Subject Services without a clearly defined Permission Mapping filter
Date Thu, 30 May 2013 08:38:38 GMT

Following are listed some services without a clearly defined Permission
Mapping filter, based on CMIS 1.0 (
and CMIS 1.1 ( )

1) Navigation Services

    1.1) getCheckedOutDocs
        Description: Gets the list of documents that are checked out that
the user has access to.

        I see two options:
        1.1.1) Granted to any authenticated user. (The result will be
already filtered by the user permissions related with the objects)
        1.1.2) If a folder is specified then apply the Permission Mapping
        My guess is to go for the option 1.1.2.

2) Object Services

    2.1) createDocumentFromSource
        Description: Creates a document object as a copy of the given
source document in the (optionally) specified location.
        My guess is that the Permission Mappings to apply would be:
        2.1.1) Always canGetProperties.Object
        2.1.2) If the object has a content stream, also apply
        2.1.3) If the optional folder is specified, also apply

    2.2) createPolicy
        Description: Creates a policy object of the specified type
        2.2.1) CMIS 1.0
            There is no Permission Mapping defined for this operation in
CMIS 1.0.
            My guess is to apply the nearest permission mapping:
        2.2.2) CMIS 1.1
            The permission mapping defined is canCreatePolicy.Folder.
            NOTE: In openCMIS 0.9.0-beta-1 this permission mapping is not
included neither in org.apache.chemistry.opencmis.commons.enums.Action or
            See JIRA:

    2.3) getAllowableActions
        Description: Gets the list of allowable actions for an Object
        My guess is that this should be granted to any authenticated user.

    2.4) getRenditions
        Description: Gets the list of associated Renditions for the
specified object. Only rendition attributes are returned, not rendition
        The related Permission Mapping was removed in the errata version of
CMIS 1.0.
        My guess is to apply canGetProperties.
        NOTE: In openCMIS 0.8.x and 0.9.0-beta-1 this permission mapping is
included in org.apache.chemistry.opencmis.commons.enums.Action but not in
        See same JIRA as in 2.2.2.

3) Discovery Services

    3.1) query
        Description: Executes a CMIS query statement against the contents
of the Repository.
        Based on the definition, all authenticated user is granted to query
all query-able.
        In our implementation, we will restrict the output to all
query-able objects whose ACL has at least one ACE for the current user. In
this way, we can be sure the user can use all the returned objects in some

4) Versioning Services

    4.1) getObjectOfLatestVersion
        Description: Get a the latest Document object in the Version Series.
        My guess is to apply canGetProperties.Object

    4.2) getPropertiesOfLatestVersion
        Description: Get a subset of the properties for the latest Document
Object in the Version Series.
        My guess is to apply canGetProperties.Object

Would you mind to clarify if my guessings are correct?

Thank you very much in advance.


Jaime Porras.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message